As an Information Security Specialist at Cleary Gottlieb, you will play a crucial role in reviewing new technologies, responding to incidents, improving and evolving our security operations, and assisting with client assessment response. You’ll contribute to a wide variety of important tasks and backfill other Information Security roles across the department when extra capacity is needed, giving you broad exposure across multiple workstreams.  This individual will be a lead responsible for analyzing and documenting complex security architectures for advanced Cloud and Artificial Intelligence products and platforms; and apply our risk management framework to recommend risk treatment options back to key stakeholders. This role will offer an individual a wide range of opportunities to acquire and use their Information Security expertise in an enterprise environment.

Cleary Gottlieb is a preeminent law firm that prides itself on providing an extremely collaborative and collegial environment that is perfect for your career growth.  We are leading the legal industry in the use of cloud and AI technologies and would love for you to join our team.  We offer unmatched flexibility for hybrid work as well as providing a lovely office downtown to meet and work alongside your peers in Information Technology.

Technology Security Reviews

• Work collaboratively with key business stakeholders and internal IT contacts to conduct reviews and risk assessments of new technologies being considered for use. Formally document these architectures, delving deep into how the data is processed throughout its lifecycle, and clearly document security controls to protect that data.
• Document risk assessments such that they can be easily understood by stakeholders, and include actionable risk treatment recommendations/security requirements for implementation.
• Act as a resource to the Project Management Office and other business stakeholders throughout their deployment lifecycle so that the recommended controls are implemented and tested properly.

 Client Assessment Response

• As assigned, using a defined process and existing artifacts, take end to end ownership of responding to incoming client security assessments & audits, RFPs, and Outside Counsel Guideline review.
• Take first pass at completing lengthy client assessment questionnaires (100-200 questions on average) using a standard answer and evidence bank that ensures a consistent response across our client base.
• Recognize when banked answers need to be updated based on our evolving security program and recommend new language or approaches to questions as appropriate.
• Take professional pride in the quality of your response, ensuring that answers are accurate and complete; and work with the Senior Governance Risk and Compliance Analyst to validate answers before formally submitting back to the client.

Incident Response / Security Operations

• Monitor security events and alerts using security information and event management (SIEM) tools. Investigate and analyze security incidents to identify root causes and recommend remediation actions.
• Collaborate with cross-functional teams to develop and execute refined incident response playbooks which are streamlined and ensure that any risks are properly managed.
• Stay up-to-date on emerging cybersecurity threats, vulnerabilities, and best practices and scan for these emerging threats in our environment, providing prescriptive guidance to the teams affected.

• Bachelor's degree in Information Systems, Information Security, Risk Management, or a related field (experience may be considered in lieu of a degree).
• At least five years experience in Information Security or similar type role.
• Extremely good written and verbal communication skills, with the ability to produce high quality documentation either during or shortly after meeting with a cross functional group to discuss a technology considered for use by the firm.
• Excellent meeting facilitation and leadership skills necessary to own high visibility security reviews which receive attention from our internal legal team, CIO and other key stakeholders.
• Reasonable understanding of security concepts, such as networking (routing, firewalls, NAT translation, proxies, SASE solutions), authentication, role based access controls, encryption, data governance, etc.
• Very good data analysis skills with prior SIEM or equivalent data reporting technologies (databases, complex Excel spreadsheets). The ability to think critically about how data is structured and what story it tells.  The ability to use basic data visualizations to help readers quickly understand any relevant meaning within the data.
• A good understanding of governance frameworks and compliance programs. Able to competently understand all manner of questions that relate to domains covered by ISO 27001, SOC2 and other common frameworks.
• Extreme thoroughness and the ability to be directed on important initiatives, but to work independently to ensure the optimal outcome, reporting back to senior management on important milestones or issues that arise.

The estimated base salary for this position is $160,000 to $175,000 at the time of posting. The actual salary offered will depend on a variety of job-related factors, including skills, education, training, credentials, experience, scope and complexity of role responsibilities, geographic location, and performance. This role is exempt meaning it is not overtime pay eligible.

Cleary provides a comprehensive benefits package, including health care benefits. More information can be found here: Benefits

At Cleary Gottlieb, all members of our community deserve respect as individuals and appreciation for the contributions they make to our community. We champion diversity, equity, and inclusion, and creating equal opportunities to develop and succeed.